Getting Comfortable With The Basics

Security


Best password manager to use for 2020

Best password manager to use for 2020: 1Password, LastPass and more compared – By Clifford Colby cnet.com

The coronavirus pandemic probably isn't being terribly helpful when you're trying to remember all of your passwords individually, but a password manager can help you to seamlessly oversee and handle all the login credentials on your devices. Password managers are also handy for auto-filling forms and syncing your data across Windows PCs and Macs, iPhones, iPads, Android phones, and more.


The Ultimate Password Manager: 1Password vs LastPass vs KeePass vs RoboForm – By Adam Henshall process.st

Staying safe and secure online has always been important but now more and more people are waking up to the fact that we need to take extra steps to protect our various accounts.

> Two-factor/Multi-factor authentication

Multi-factor authentication and Two-factor authentication (2FA) Resources

I agree with experts, who suggest using Two-factor authentication on all of your accounts that offer it. Most banks and credit unions require 2FA. It's the code they send to you by SMS text, email, or a voice call. 

  • I have included articles from five sources describing what 2FA is, how to use it, and many websites that offer it as an option to secure your account.
  • After learning what 2FA is, you will find a great article by PCMag, "Who Has It and How to Set It Up." It's a great guide to implementing 2FA on sites most of us use.
  • Perhaps as important as implementing 2FA is avoiding getting locked out of your accounts when using Two-Factor Authentication.
  • I use Authy in place of Google Authenticator. Authy synchronizes to the cloud, allowing use on multiple devices, including phones, tablets, computers, and browsers, which makes it convenient to use and eliminates the issue of moving to a new phone or computer.

> This site Two Factor Auth maintains a list of websites and whether or not they support 2FA.


Multi-factor authentication and Two-factor authentication – From Wikipedia, the free encyclopedia en.wikipedia.org

Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence.


Two-factor authentication – By Chris Woodford explainthatstuff.com

How careful are you when it comes to securing your computer? Do you take pains to choose complex passwords and not write them down where other people can find them? Even if you do, isn't it just possible someone else could hack into the systems you use and do all kinds of damage?


Two-factor authentication (2FA) – By Margaret Rouse searchsecurity.techtarget.com

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication.


How Does Two-Factor Authentication (2FA) Work? – By Brad merchantfraudjournal.com

Two-factor authentication is the best way to protect sensitive data from theft.


How does multi-factor authentication work (technically)?  – Christian Roberts, Security Engineer at Protectimus Solutions

The most popular second factor is OTP (one-time password). Usually, it is a 6- or 8-digit password, which could be delivered to users via SMS or email or generated by a software or hardware token.




Two-Factor Authentication: Who Has It and How to Set It Up – By Eric Griffith pcmag.com

You can get that code via text message or a specialized smartphone app called an "authenticator." Once linked to your accounts, the app displays a constantly rotating set of codes you can use whenever needed—and it doesn't even require an internet connection. The arguable leader in this area is Google Authenticator (free on Android and iOS). Twilio Authy, Duo Mobile, SAASPASS, and LastPass Authenticator, among others, all do the same thing on mobile and some desktop platforms, and the majority of popular password managers all have 2FA by default.

The codes provided by authenticator apps sync across your accounts, so you can scan a QR code on the phone and get your six-digit access code on your browser if supported.


Two-Factor Authentication Is a Must for Mobile – By RSA

RSA is an American computer and network security company with a focus on encryption and encryption standards.




SecurityWatch: How to Not Get Locked Out With Two-Factor Authentication – By Max Eddy pcmag.com

What happens if I lose my password? Or if my antivirus deletes my stuff? The advent of two-factor authentication has created a new twist on familiar anxiety: what happens if I can't use my second factor and get locked out of my account?


How to Avoid Getting Locked Out When Using Two-Factor Authentication – By Chris Hoffman howtogeek.com

What happens if you lose or reset your phone? If you don't plan your recovery method ahead of time, you could permanently lose access to your accounts.





2FA questions

  • Who initiates the process to set up the authenticator app, by which I mean, who generates the code for a transaction?
  • Is it always the merchant, or does the customer sometimes initiate it? i.e., Are there some merchants who let the customer initiate the app to generate a six-digit code?

The confusion comes because of Authy. As I understand Authy, the program generates a six-digit code.

  A: Authy app requires a cell phone number to set up. I also have Mac, Win10, and Chromebook apps. gmm 

  • Banks don't require the use of the cellphone when a log-on attempt comes from my desktop computer.

  A: SMS to a cell phone is much faster and works when not at your home.

  • To continue my question, how is it that Authy can generate a six-digit code that is useful if the merchant always and only creates a code that it will accept and recognize? I have not gotten Authy to work yet?

A: Authy and Google Authenticator use the TOTP (Time-Based One-Time Password) algorithm, which generates short-lived OTPs to provide additional security to users' accounts. Generated passwords are temporary and valid for a certain amount of time (usually 30-60 seconds). The TOTP algorithm is based on HOTP with a time-based moving factor and is described in RFC 6238.

The OTP (one-time password) is sent to an authentication server by the user for validation, and authentication is synced based on time.

There are three factors involved in the OTP generation process:

  1. Time (T1)
  2. Serial no. of a token (secret key)
  3. Algorithm (A1)

  • Are there merchants who let the customer generate the 2FA six-digit code for a transaction?

A: OTPs are generated based on the secret key. Usually, the server generates the secret key, and the token programs the secret key into the app, allowing the generation of OTPs by the app. The server checks OTP, and if it's correct, the server provides access to the system.

A: Two Factor Auth twofactorauth.org List of websites and whether or not they support 2FA.

Separate but related issue: Privacy.com has not let me identify a bank to work with their service. 

A: We're only able to send an SMS text message to confirm someone's phone number on their Privacy account.

 

 

Best password manager to use for 2020

Best password manager to use for 2020: LastPass, 1Password and more compared – By Clifford Colby cnet.com

If you've always had a hard time keeping track of all your passwords, the coronavirus pandemic probably isn't helping. What can help, however, is a password manager to oversee and handle the login credentials of each of your devices. The best password manager can also auto-fill the forms in your web browsers as well as sync your data across Macs and Windows PCs,  iPads,  iPhones, Android phones, and more.

> Turn on MFA Before Crooks Do It For You

Turn on MFA Before Crooks Do It For You – By krebsonsecurity.com

Many popular websites now offer some form of multi-factor authentication (MFA), which helps users safeguard access to accounts if their password gets breached, stolen, or guessed. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked. Increasingly thieves will enable multi-factor options and tie your account to a device they control. Here is the story of one such incident: Turn on MFA Before Crooks Do It For You.

2 Factor Authentication – What is 2FA?

2 Factor Authentication – What is 2FA? – By dottotech youtube.com

Google calls it 2 Step Verification. 2FA is a simple-to-implement security setting that can and will protect most of your online accounts.
It is based on one rule: in order to access your account you need to know something (name and password) and have something (a trusted device like a smartphone to verify you are who you say you are). This combination secures your account to a much higher level.

> Who Has Your Email Address? Has Your Account Been Breached?

Who Has Your Email Address? Has Your Account Been Breached? – By dottotech youtube.com

Every day, web services and accounts are being breached. 

This video has some interesting information. Steve demonstrates the Breach Report website. It is a great site where you can check if your email address has been breached. However, I don't recommend you sign up for real-time updates; it's too expensive for home users. Just use a password manager and 2-factor authentication with a different password for each site.  Glenn

> Contactless Payment: Tap to pay

Best contactless credit cards: Tap to pay – By Madison Blancaflor thepointsguy.com

Contactless credit cards are cards that don’t require you to insert your card chip when you make a purchase. These cards use EMV chip technology (chip security developed for Europay, Mastercard and Visa but now used by many cards) with NFC (near-field communication) for proximity payments. Cards with contactless capabilities can be used like a standard chip credit card or for “tap-and-go” payments similar to Apple Pay and Google Pay purchases.


Apple Pay is easy and works with the Apple devices you use every day.


Google Pay is a fast, simple way to pay contactless.

When you pay with your Android phone or Apple iPhone, Google Pay uses an encrypted number instead of your actual card number so your details stay secure. With contactless payments, you can check out faster with the device that's already in your hand.

> We still stink at passwords, and there’s really no excuse

We still stink at passwords, and there’s really no excuse – By Rob Pegoraro fastcompany.com

We need to quit recycling and stop trusting our own minds. This seemingly-antisocial advice comes from a new study of password practices that reaches old conclusions: Too many people still try to ease online security by reusing the same passwords across multiple sites and keeping them simple enough to memorize.

How to Protect Yourself From SIM-Swapping Attacks

How to Protect Yourself From SIM-Swapping Attacks – By Matthew Hughes howtogeek.com

You think you’re making all the right moves. You’re smart with your security. You have two-factor authentication enabled on all your accounts. But hackers have a way to bypass that: SIM swapping.


How to Prevent and Respond to a SIM Swap Scam – By lifehacker.com

When ZDNet’s Matthew Miller got hit with a SIM swap attack, he described it as a “horror story” that caused him to lose “decades of data.” And he’s not being hyperbolic; more than a week later, he’s still dealing with the aftereffects, and there’s no guarantee from some of the major tech players—including Twitter and Google—that he’ll ever be able to regain access to that which his attackers messed up.

> How Google Meet keeps your video conferences protected

Secure connections: How Google Meet keeps your video conferences protected

All over the world, businesses, schools and users depend on G Suite to help them stay connected and get work done. Google designs, builds, and operates our products on a secure foundation, aimed at thwarting attacks and providing the protections needed to keep you safe. G Suite and Google Meet are no exception.
